Remote Login with Credential gives PSRemotingTransportException - windows

I am just trying to write a script that can remote login with user/pass credentials via Jenkins. I wrote this script that is given below;
$pass = convertto-securestring "SOME_PASSWORD" -asplaintext -force
$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist "SOME_USERAME",$pass
invoke-command "SOME_COMPUTER_NAME" {get-process} -credential $mycred
After running this script it giving error like;
[SOME_COMPUTER_NAME] Connecting to remote server SOME_COMPUTER_NAME failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the
WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (SOME_COMPUTER_NAME:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken
Before your question and suggestions; just controlled WinRM service local and remote machines, I enabled PSRemoting and Set-Item TrustedHosts on remote machine.

Related

PowerShell | Get Storage from Servers with "Get-ADComputer"

i have an problem with my script, plz help :3
This script is supposed to get all Server Hostnames from our Server OU. And than get the Used and Free Space of the Servers But when i try to get the server list with the "Get-AdComputer" cmdlet i get errors.
$servers = Get-ADComputer -Filter * -SearchBase "OU=SomeOU, DC=SomeDomain, DC=SomeDomain, DC=SomeDomain" | Select-Object Name
$allDisks = foreach ($server in $servers)
{
Get-WmiObject Win32_LogicalDisk -ComputerName $server -Filter DriveType=3 |
Select-Object #{'Name'='ComputerName'; 'Expression'={$server}},
DeviceID,
#{'Name'='Size'; 'Expression'={[math]::truncate($_.size / 1GB)}},
#{'Name'='Freespace'; 'Expression'={[math]::truncate($_.freespace / 1GB)}}
}
$allDisks |Export-Csv C:\Servers.csv -NoTypeInformation
when i run this i get:
Get-WmiObject : Der RPC-Server ist nicht verfügbar.
In Zeile:5 Zeichen:5
+ Get-WmiObject Win32_LogicalDisk -ComputerName $server -Filter Dri ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
+ FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
i also should add, that if i only run the thing from the first line i get an clean list of all of our servers.
As the error states that RPC server is not available for the one of the servers that you are trying to query. There can be multiple reasons as per the PS Blog:
The remote computer is blocked by the firewall.
Solution: Open the Group Policy Object Editor snap-in (gpedit.msc) to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization. OpenComputer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure. Enable the following exception: “Allow Remote Administration Exception” and “Allow File and Printer Sharing Exception“.
Hostname or IP address is wrong or the remote computer is shut down.
Solution: Verify correct hostname or IP address.
The “TCP/IP NetBIOS Helper” service isn’t running.
Solution: Verify that “TCP/IP NetBIOS Helper” is running and set to auto start after restart.
The “Remote Procedure Call (RPC)” service is not running on the remote computer.
Solution: Verify that “Remote Procedure Call (RPC)” is running and set to auto start after restart.
The “Windows Management Instrumentation” service is not running on the remote computer.
Solution: Verify that “Windows Management Instrumentation” is running and set to auto start after restart
So, I dont think there is any code issue there. Kindly check the network firwwall and server side. Also apply a try/catch block and capture the exact server name in the loop to see which server is that causing the issue.

Unable to start PSSession

I am trying to start a new remote session, using Powershell, to a server that is part of a dev domain. There is no trust between these two servers.
[XX-XXX-DB1.didevtest.local] Connecting to remote server
XX-XXX-DB1.didevtest.local failed with the following error message :
WinRM cannot complete the operation. Verify that the specified
computer name is valid, that the computer is accessible over the
network, and that a firewall exception for the WinRM service is
enabled and allows access from this computer. By default, the WinRM
firewall exception for public profiles limits access to remote
computers within the same local subnet. For more information, see the
about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (XX-XXX-DB1.didevtest.local:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken
I have enabled WinRM using Enable-PSRemoting and also added my local PC as a trusted system on the remote system using
Set-item wsman:localhost\client\trustedhosts -value.
If I use the IP address of the remote server, I get following error:
New-PSSession : [XXX.XX.X.X] Connecting to remote server
XXX.XX.X.Xfailed with the following error message : The WinRM client
cannot process the request. Default authentication may be used with an
IP address under the following conditions: the transport is HTTPS or
the destination is in the TrustedHosts list, and explicit credentials
are provided. Use winrm.cmd to configure TrustedHosts. Note that
computers in the TrustedHosts list might not be authenticated. For
more information on how to set TrustedHosts run the following command:
winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic. At line:2 char:16
+ ... motesession=New-PSSession -ComputerName "XXX.XX.X.X" -Credential $cre ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession],
PSRemotingTransportException
+ FullyQualifiedErrorId : CannotUseIPAddress,PSSessionOpenFailed Enter-PSSession : Cannot validate argument on parameter 'Session'. The
argument is null or empty. Provide an argument that is not null or
empty, and then try the command again. At line:3 char:26
+ Enter-PSSession -Session $remotesession
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Enter-PSSession], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.EnterPSSessionCommand
Add the remote machine to your TrustedHosts list :
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $ip -force

Mount-DiskImage giving Access Denied when running through remote session

I have two VM's(Windows server 2008 r2) with ip
172.17.178.10
and
172.17.178.11
.
I have created a folder named
"share"
on vm with ip 172.17.178.10 that has an iso.
I logined into vm with ip 172.17.178.11 and run the following command
"Mount-DiskImage \\172.17.178.10\share\xyz.iso"
.It mounted successfully i can see the Drive in my computer.
Now i logined into 172.17.178.10 and took a remote session using powershell command
Enter-PSSession -ComputerName 172.17.178.11 -Credential Administrator
.
Now when i run the command
"Mount-DiskImage \\172.17.178.10\share\xyz.iso"
.
I get the following error:
MOUNT-DISKIMAGE : Access is denied.
+ CategoryInfo : PermissionDenied: (MSFT_DiskImage:ROOT/Microsoft/.../MSFT_DiskImage) [Mount-DiskImage],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80070005,Mount-DiskImage
I have provided full permissions to the
share
folder.
The issue here is that powershell remoting will not allow for a second-hop authentication unless credssp is enabled. Basically what happens is that when when authenticate to the server you are remoting to it only verifies that you have access to it, it does not actually store your credentials for security reasons, so it is not able to connect to any other server in your environment. I've attached some links below with info on setting up CredSSP, which will allow you to perform second-hop remoting once it is configured.
https://support.microsoft.com/en-us/kb/951608
https://technet.microsoft.com/en-us/library/hh849872.aspx
you could also probably set your share/NTFS permissions to allow everyone read permissions but I have not tested that.

Powershell Session to one remote host then on to another

Is there a way to use Powershell to remote onto one machine (let's called it hub) and then from within that session remote onto another (a "spoke")? I need to connect to the hub touchdown server in our VPN before I can connect on to another machine.
Or is there another way to proxy the session via the hub machine?
From within the session to the HUB I can create the new PSSession, but I get an error when trying to enter it:
[HUB]: PS C:\Users\idlemind\Documents> New-PSSession remotehost.domain.com -Credential idlemind#domain.com
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
1 Session1 remotehost.d... Opened Microsoft.PowerShell Available
[HUB]: PS C:\Users\idlemind\Documents> Enter-PSSession 1
Enter-PSSession : You are currently in a Windows PowerShell PSSession and cannot use the Enter-PSSession cmdlet to enter another PSSession.
+ CategoryInfo : InvalidArgument: (:) [Enter-PSSession], ArgumentException
+ FullyQualifiedErrorId : RemoteHostDoesNotSupportPushRunspace,Microsoft.PowerShell.Commands.EnterPSSessionCommand
You'd need to enable Multihop Remoting on Hub.
Enable-WSManCredSSP –Role Client –DelegateComputer spoke
And this on Spoke. Enable-WSManCredSSP –Role Server
Please read
http://blogs.technet.com/b/heyscriptingguy/archive/2013/04/04/enabling-multihop-remoting.aspx
http://technet.microsoft.com/en-us/magazine/jj853299.aspx
http://blogs.msdn.com/b/clustering/archive/2009/06/25/9803001.aspx
Since your runnig a 2012 server, I'd investigate installing Powershell Web Access on that 'Hub' machine. It will give you very fine-grained access control, and act as a "gateway" to remote sessions on other machines once your are connected to it.

PowerShell: error executing command using Invoke-Command?

I'm trying to execute the following statement on remoter server:
Invoke-Command -ComputerName server1 -ScriptBlock {Get-Process}
but I get an error message:
[server1] Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the serv
ice on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS
or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
What is the reason for this and how to fix it?
There is 2 basical reason:
1) remote computer has not Powershell installed
2) PSremoting is not enabled on remote PC (to enable it read my comment in you answer)

Resources